• Affected Version
    WoltLab Suite 5.2

    Hello everyone!

    I started using CloudFlare yesterday but now I get an error page when trying to upload a package.

    Is anyone using CloudFlare PRO and can give me some guidance on the best settings to be used?

    all the best

    • Official Post

    To be honest, I'm not sure if the WAF is of any actual use. I mean, their filters are much better than the average garbage offered by some webhosts, but in the end they're still some dumb filters that look for specific patterns. They also keep adding new rules regularly, but in the end I turn most of them off again, because they conflict with our site. For instance, it will detect SQL queries and such inside packages uploaded to the Plugin-Store (or the admin panel as in your case), which isn't exactly a problem.

    I guess it boils down to the other software you're running on the same site, for example, WordPress would sure benefit from an additional protection layer, considering its terrible track record. I'm only leaving the WAF online because it blocks some annoying bots, some using custom rules that are a bit more complex.

    • Official Post

    Is there a simple way to block bots and leave all the rest off?

    No, and I will give zero advices in that direction. "Bots" is a very fuzzy term and one has to understand that these are not bad by definition, for instance, search engines use bots for legitimate reasons. Generally speaking, you should not make the mistake of blocking all sorts of things in advance, the chance for false positives is quite significant and you can always take actions when something doesn't behave as expected.